Date: Thu, 13 Nov 2003 23:33:49 +0100 From: Jesper Skriver <jesper@FreeBSD.org> To: Anders Lowinger <anders@lowinger.se> Cc: Haesu <haesu@towardex.com> Subject: Re: tcp hostcache and ip fastforward for review Message-ID: <20031113223349.GB84594@FreeBSD.org> In-Reply-To: <3FB37F09.4050908@lowinger.se> References: <20031112024507.89398.qmail@web10007.mail.yahoo.com> <3FB20D2B.73624906@pipeline.ch> <20031112195529.GA48020@scylla.towardex.com> <3FB37F09.4050908@lowinger.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 13, 2003 at 01:54:33PM +0100, Anders Lowinger wrote: > >It only takes x num. of kpps with diverse destinations to knock off a > >router running flow based caching. > > Yep, that is true and its hard to work around. > > >Extreme switches use flow based caching (called ipfdb) and any DoS > >attack that uses diverse destinations will kill it pretty quickly.. > > Cisco's newer stuff does the flow-cache independent of the forwarding, > i.e. the flow is more of an accounting cache. With CEF enabled, the flow cache (NetFlow) is only for accounting etc. purposes, and is not involved in forwarding. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031113223349.GB84594>